Citrix NetScaler 14.1-60.52 : Duo OAuth authentication fails with "Invalid algorithm is found in JWT. Please contact your administrator." error.

book

Article ID: CTX696048

calendar_today

Updated On:

Description

After upgrading the NetScaler to firmware 14.1-60.52, users are facing issue with Duo OAuth which fails with the error "Invalid algorithm is found in JWT. Please contact your administrator."

In the ns.log we see the log : Invalid algorithm <HS512> found, cannot verify jwt.

Cause

This issue is observed when the NetScaler 14.1-60.52 negotiates the HS512 algorithm for Duo OAuth, however the OAuth actions supports only HS256, resulting in authentication failure.

Resolution

As a workaround for now, manually add support for the HS512 algorithm to the Duo OAuth action via CLI using the below command:

set authentication OAuthAction <duo_oauth_action> -allowedAlgorithms HS256 HS512 RS256 RS512

This updates the OAuth action to explicitly allow the HS512 hashing algorithm along with the existing supported algorithms.

This issue is tracked with Engineering under issue ID - NSAUTH-15698, and the fix will be available in 14.1-66.x and above. The tentative ETA is mid to late February 2026.

Issue/Introduction

After upgrading NetScaler to firmware version 14.1-60.52, users experience Duo OAuth authentication failures with the error “Invalid algorithm is found in JWT. Please contact your administrator.”

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"